FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available

Martin.Hepworth martinh at solidstatelogic.com
Tue Jun 12 09:55:37 IST 2007


Jules

Looks mainly like RPM build issues........no suggestions of
fixes/work-arounds that I've seen on the list.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Julian Field
> Sent: 12 June 2007 09:39
> To: MailScanner discussion
> Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Please can you summarise the reported problems, and post here?
> Also, please can you keep an eye open for fixes?
>
> Randal, Phil wrote:
> > There are a few problems reported over on the spamassassin-users
mailing
> > list, so proceed with caution.
> >
> > Phil
> >
> > --
> > Phil Randal
> > Network Engineer
> > Herefordshire Council
> > Hereford, UK
> >
> > -----Original Message-----
> > From: jm at jmason.org [mailto:jm at jmason.org]
> > Sent: 11 June 2007 21:14
> > To: users at spamassassin.apache.org; dev at spamassassin.apache.org;
> > announce at spamassassin.apache.org
> > Subject: ANNOUNCE: Apache SpamAssassin 3.2.1 available
> >
> > Apache SpamAssassin 3.2.1 is now available!  This is a maintenance
and
> > security release of the 3.2.x branch.  It is highly recommended that
> > people upgrade to this version from 3.2.0.
> >
> > Downloads are available from:
> >   http://spamassassin.apache.org/downloads.cgi?update=200706111806
> >
> > The release file will also be available via CPAN in the near future.
> >
> >   md5sum of archive files:
> >   7b2fdbcdca5e9a181d4bb1b17663c138  Mail-SpamAssassin-3.2.1.tar.bz2
> >   a7d51294c565999da01f212e5ad2a031  Mail-SpamAssassin-3.2.1.tar.gz
> >   e058ed0dfe82ee62f617c12cc02e538b  Mail-SpamAssassin-3.2.1.zip
> >
> >   sha1sum of archive files:
> >   3095b38d90d0362c4e47e117fb612778a2ac362b
> > Mail-SpamAssassin-3.2.1.tar.bz2
> >   fbb5f538238e188f985c8e6672dad531fa035eea
> > Mail-SpamAssassin-3.2.1.tar.gz
> >   d6566975544cd706052d310481d7a100ffce14d1
Mail-SpamAssassin-3.2.1.zip
> >
> > The release files also have a .asc accompanying them.  The file
serves
> > as an external GPG signature for the given release file.  The
signing
> > key is available via the wwwkeys.pgp.net key server, as well as
> > http://spamassassin.apache.org/released/GPG-SIGNING-KEY
> >
> > The key information is:
> >
> > pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key
> > <release at spamassassin.org>
> >     Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24  F6D7 DEE0 1987 265F
A05B
> >
> >
> > 3.2.1 is a major bug-fix release, including a potential local DoS.
The
> > major highlights are:
> >
> > - bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS
> >   vulnerability. It only affects systems where spamd is run as root,
is
> > used
> >   with vpopmail or virtual users via the "-v"/"--vpopmail" OR
> >   "--virtual-config-dir" switch, AND with the "-x"/"--no-user-config
AND
> >   WITHOUT the "-u"/"--username" switch AND with the
"-l"/"--allow-tell"
> > switch.
> >   This is not default on any distro package, and is not a common
> > configuration.
> >   More details of the vulnerability can be read at
> >   <http://spamassassin.apache.org/advisories/cve-2007-2873.txt>.
> >
> > - bug 5488: zero some rules causing false positives:
FH_HOST_EQ_D_D_D_DB
> > and
> >   FH_HOST_EQ_D_D_D_D.
> >
> > - bug 5257: re-raise autolearn ham threshold to 1.0; the lower value
> >   used in 3.2.0 was creating problems.
> >
> > - bug 5422: in spamd, deleting hash entries from the SIGCHLD signal
> > handler is
> >   unsafe, causes corruption of the data structure, and results in
> > 'prefork:
> >   ordered child N to accept, but they reported state '1', killing
rogue'
> >   errors.  fix.
> >
> > - bug 5102: tighten up regexp for FORGED_HOTMAIL_RCVD to avoid some
FPs.
> >
> > - bug 5457: spamc build and test should handle not having zlib
> > available.
> >
> > - bug 5379: spamd could crash at startup if its preloading temporary
> > directory
> >   already exists. fix.
> >
> > - bug 4616: spamc config can cause command line options to be
ignored.
> > fix.
> >
> > - bug 5485: zero score DK/DKIM_POLICY_SIGNSOME rules since they'll
> > always fire
> >   due to defaults (unless there's an explicit SIGNALL policy).
> >
> > - bug 5492: VBounce rule was looking in header instead of body for
> > whitelisted
> >   relays. fix.
> >
> > - bug 5487: prevent multiple "urirhssub"s using the same zone from
> > overwriting
> >   each other.
> >
> > - bug 5432 - Change default in Win32 build to not build spamc.
> >
> > - bug 5446: add --updatedir option to sa-compile and remove
inaccurate
> > re2c
> >   required version info from pod.
> >
> > - bug 5436: add omitted "ifplugin" statements to the configuration,
> > which would
> >   otherwise cause lint errors if the default plugins were disabled.
> >
> > - bug 5477: prevent Rule2XSBody info message from appearing on
stderr
> > during
> >   spamd startup.
> >
> >
> >
>
> Jules
>
> - --
> Julian Field MEng CITP
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules at Jules.FM
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> For all your IT requirements visit www.transtec.co.uk
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.6.1 (Build 1012)
> Charset: ISO-8859-1
>
> wj8DBQFGblvJEfZZRxQVtlQRAitYAJ9ukdzbZfMxJOgA62fdd/pf6Eq/cwCfZ9ln
> DZrqSI6202fefWiIdrWzNOQ=
> =higr
> -----END PGP SIGNATURE-----
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> For all your IT requirements visit www.transtec.co.uk
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************



More information about the MailScanner mailing list